package com.cws4cloud.cws.common.security.component;

import cn.hutool.core.util.StrUtil;
import com.cws4cloud.cws.common.security.service.TenantUserDetailsService;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.InternalAuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsPasswordService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Component;
import org.springframework.util.Assert;

import java.util.Map;

/**
 * @ClassName: TenantDaoAuthenticationProvider
 * @Description:
 * @Author zhlj
 * @Company:digitalchina
 * @Date 2021/1/21 14:13
 */
@Component
public class TenantDaoAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider {

	private static final String USER_NOT_FOUND_PASSWORD = "userNotFoundPassword";
	private PasswordEncoder passwordEncoder;
	private volatile String userNotFoundEncodedPassword;
	private TenantUserDetailsService userDetailsService;
	private UserDetailsPasswordService userDetailsPasswordService;

	public TenantDaoAuthenticationProvider(TenantUserDetailsService userDetailsService) {
		this.setUserDetailsService(userDetailsService);
		this.setPasswordEncoder(PasswordEncoderFactories.createDelegatingPasswordEncoder());
	}

	protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
		if (authentication.getCredentials() == null) {
			this.logger.debug("Failed to authenticate since no credentials provided");
			throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
		} else {
			String presentedPassword = authentication.getCredentials().toString();
			if (!this.passwordEncoder.matches(presentedPassword, userDetails.getPassword())) {
				this.logger.debug("Failed to authenticate since password does not match stored value");
				throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
			}
		}
	}

	protected void doAfterPropertiesSet() {
		Assert.notNull(this.userDetailsService, "A UserDetailsService must be set");
	}

	protected final UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
		this.prepareTimingAttackProtection();

		try {
			UserDetails loadedUser = null;
			if (authentication.getDetails() instanceof Map) {
				Map<String, Object> map = (Map<String, Object>) authentication.getDetails();
				String tenantId = StrUtil.toString(map.get("tenantId"));
				loadedUser = this.getUserDetailsService().loadUserByUsername(username, tenantId);
			} else {
				loadedUser = this.getUserDetailsService().loadUserByUsername(username);
			}
			if (loadedUser == null) {
				throw new InternalAuthenticationServiceException("UserDetailsService returned null, which is an interface contract violation");
			} else {
				return loadedUser;
			}
		} catch (UsernameNotFoundException var4) {
			this.mitigateAgainstTimingAttack(authentication);
			throw var4;
		} catch (InternalAuthenticationServiceException var5) {
			throw var5;
		} catch (Exception var6) {
			throw new InternalAuthenticationServiceException(var6.getMessage(), var6);
		}
	}

	protected Authentication createSuccessAuthentication(Object principal, Authentication authentication, UserDetails user) {
		boolean upgradeEncoding = this.userDetailsPasswordService != null && this.passwordEncoder.upgradeEncoding(user.getPassword());
		if (upgradeEncoding) {
			String presentedPassword = authentication.getCredentials().toString();
			String newPassword = this.passwordEncoder.encode(presentedPassword);
			user = this.userDetailsPasswordService.updatePassword(user, newPassword);
		}

		return super.createSuccessAuthentication(principal, authentication, user);
	}

	private void prepareTimingAttackProtection() {
		if (this.userNotFoundEncodedPassword == null) {
			this.userNotFoundEncodedPassword = this.passwordEncoder.encode("userNotFoundPassword");
		}

	}

	private void mitigateAgainstTimingAttack(UsernamePasswordAuthenticationToken authentication) {
		if (authentication.getCredentials() != null) {
			String presentedPassword = authentication.getCredentials().toString();
			this.passwordEncoder.matches(presentedPassword, this.userNotFoundEncodedPassword);
		}

	}

	public void setPasswordEncoder(PasswordEncoder passwordEncoder) {
		Assert.notNull(passwordEncoder, "passwordEncoder cannot be null");
		this.passwordEncoder = passwordEncoder;
		this.userNotFoundEncodedPassword = null;
	}

	protected PasswordEncoder getPasswordEncoder() {
		return this.passwordEncoder;
	}

	public void setUserDetailsService(TenantUserDetailsService userDetailsService) {
		this.userDetailsService = userDetailsService;
	}

	protected TenantUserDetailsService getUserDetailsService() {
		return this.userDetailsService;
	}

	public void setUserDetailsPasswordService(UserDetailsPasswordService userDetailsPasswordService) {
		this.userDetailsPasswordService = userDetailsPasswordService;
	}
}
